The digital realm has long struggled with the vulnerabilities inherent in password-based authentication systems. With iOS 18 launching in September, Apple introduces a groundbreaking API for developers to implement passkeys, transforming how users secure their online accounts. This innovation is set to create a password-less future, significantly enhancing user data protection.

What Are Passkeys?

Passkeys are a sophisticated, passwordless login option for apps and websites developed by the FIDO Alliance. They consist of a “private key” stored on the user’s device and a “public key” residing with the service. This dual-key system undergoes an encrypted verification process, ensuring that access is granted only when the user’s biometrics or device PIN confirm their identity. This system effectively eliminates the need for passwords and multi-factor authentication codes, creating a seamless and secure user experience.

The Benefits of Passkeys

Traditional logins rely on passwords, which users often reuse across multiple sites, posing substantial security risks. Passkeys, however, are tied to the user’s unique device and biometric data, rendering them immune to phishing and brute-force attacks. If a passkey is stolen, it becomes useless without the rightful owner’s biometric verification. This intrinsic link between the user and the device significantly mitigates the threat landscape.

Banks and Passkey Adoption

While the advantages of passkeys are clear, some industries have been slow to adopt, including banks. Andrew Shikiar, CEO and Executive Director of the FIDO Alliance, explains, “Banks and financial institutions operate in a highly regulated industry, so they are vigilant when it comes to ensuring that user authentication complies with relevant regulations. Synced passkeys introduce a new customer assurance model that compliance leads within banks are still adjusting to.”

However, Shikiar noted that “we are now seeing regulatory and other government bodies begin to give formal guidance on how industry should contemplate passkeys,” including an April 2024 missive from the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) offering guidance about implementation.

But Shikiar says that “banks are hypersensitive to customer experience,” too, and thus more cautious about changing how customers log in—even if passkeys are quicker and more secure. New login methods require educating customers—and that takes time.

Despite these bottlenecks, Shikiar says that banks are slowly moving away from strictly password-based logins because they “inherently understand that using a passkey as a primary factor is far superior to a password.”

The Collaborative Future of Passwordless Authentication

Apple’s implementation of passkeys underlines a collective effort by tech giants within the FIDO Alliance, including Microsoft and Google, to enhance internet security. The Alliance has pioneered developments in authentication standards, striving to eliminate the vulnerabilities of password-based systems. Users can visit the FIDO Alliance to learn more about the ongoing efforts and advancements in passkey technology and the latest in passkey implementation.

As passkeys gain traction, the internet moves closer to a future where security does not come at the expense of user convenience. The collaborative efforts of industry leaders within the FIDO Alliance signal a transformative shift towards more secure, passwordless authentication methods, promising a safer digital experience for all.


More

AWS Expands MFA Requirements, Boosting Security and Usability with Passkeys

AWS has announced the introduction of FIDO passkeys for multi-factor authentication (MFA) to further secure…

Read More →

ID Talk Podcast: Passkeys, Standards, and Selfie Certification with FIDO’s Andrew Shikiar

The FIDO Alliance, founded in 2012, stands as a pivotal organization in the identity technology…

Read More →

InfoSecurity Magazine: #Infosec2024: CISOs Need to Move Beyond Passwords to Keep Up With Security Threats

Passwordless systems, even if they stop short of a full zero-trust environment, improve convenience as…

Read More →